Wheeling and Dealing on a New Car? Beware of Dealership Stealing

Wheeling and Dealing on a New Car? Beware of Dealership Stealing

Photo Credit: iStock/BrianAJackson

Notice all those recent TV commercials touting a “December to Remember,” “Employee Pricing,” “Year-End Sales Event” and other proclaimed deals on a new set of wheels?

That’s because it’s crunch time for dealerships to meet annual sales goals…just as winter weather and (other) holiday shopping can keep consumers off their lots. So now is when manufacturers and dealerships typically offer the year’s deepest discounts and most generous incentives, making December – and particularly its last two weeks – the very best time to buy a new car, according to experts.

But that doesn’t mean some car salesmen still won’t try to rip you off. So before heading to a dealership, check websites such as Kelley Blue Book, Edmunds and TrueCar to research incentives, rebates and prices in your area – including the invoice or “dealer’s cost” for your desired vehicle – and a ballpark selling price for any trade-in you may have. (Good sources for preowned cars also include AutoTrader and Cars.com.)

Then email several dealerships requesting their best “out-the-door” price (including taxes, tags and title) for the specific make, model and trim line of the vehicle for you seek. To avoid bait-and-switch scams, ensure that any particular cars advertised with a great price is still in its inventory (or another with the same trim and options is available), and that any manufacturer rebates and other incentives are not built into your starting price for negotiations. All the while, steer clear of these common tricks:

Focusing on monthly payments. This allows salesmen to meet virtually any monthly price you seek; they just extend the car loan, lowball your trade-in or play other shell games to make you think you’re getting a deal. Better: First dicker on a purchase price. Then handle your trade-in as a separate transaction. Only after doing both should you discuss and compare any loan rates and monthly payments at several dealerships, as well checking loan options with banks and credit unions.

Supplemental sticker swindles. Along with the official MSRP, you may find an additional window sticker listing charges of $595 or more for “Dealer Prep,” “Special Value Package” or simply labeled as ADP or ADM (which stands for “Additional Dealer Profit” and “Additional Dealer Markup”). These hefty prices usually involve little more than a couple of hours work “prepping” the vehicle by vacuuming its interior, washing the exterior, adding fluids, removing plastic from the seats, or perhaps a quick spraying to provide fabric protection or rust-proofing. Don’t believe claims these extra charges are mandatory; they can be waived – or at least credited in your negotiated price.

Trade-in trickery. Some salesmen will quote a low-ball price for your trade to determine if you’re sucker who bites. Others may initially quote an overly generous offer sight unseen to bait you to the showroom, and then renege that high-ball price in person, claiming your vehicle is in worse condition than expected. That’s why it’s wise to have – in-hand – realistic trade-in values based on condition and mileage (as well as year, make and model) from websites like KBB, Edmunds and AutoTrader. Again, negotiate your trade separately from the purchase price of the new car.

Post-sale packing. These tack-ons include unnecessary but expensive extended service warranties, GAP or credit insurance, “etching” the Vehicle Identification Number (VIN) onto windows, and sometimes fabric protection or rust-proofing not on supplemental window stickers. Most experts agree that extended warranties aren’t worth the money. GAP insurance is wise for some buyers, but shop around; dealers may charge twice as much as insurance companies for similar coverage.

Financing follies. Despite all those low-interest finance incentives, some dealers imply that certain buyers have worse credit ratings than they really do to trick them into a higher-rate loan. Others take it one step further: In the most common financing scam (known as “yo-yo” financing) some dealerships initially lead buyers to believe their loan application was approved – only to call back a few days later (after driving off the lot) to say that financing didn’t go through and a larger down payment or higher-rate loan is required to keep the car. Avoid these and other financing fleeces by knowing your credit score before car-shopping, and determine your qualifying interest rate by calling credit unions, banks or even a buying club such as Costco. If you do finance with a dealer, don’t sign anything with a “contingency clause” that stipulates the sale terms hang on the dealer getting the “promised” financing.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


Source link

Deja Vu Deception: These Old Scams Resurface Again

Deja Vu Deception: These Old Scams Resurface Again

Photo Credit: iStock/SIphotography

Re-run ripoffs are nothing new; what’s previously worked for scammers will likely be successful again. And that holds especially true for these three long-time (and historically prosperous) ploys that have resurfaced with a vengeance:

Jury Duty Scam
Going strong for more than a decade, this telephone scheme has scammers posing as court employees or members of law enforcement ranging from local police to U.S. Marshalls. They say that you failed to appear for mandated jury duty – and as a result of that supposed no-show, you face immediate arrest.

These imposters are usually well-prepared – citing names and addresses of their targets (often pooled from public directories) and spoofing phone call-recipients’ caller ID to show phone numbers and names of a courthouse or law enforcement agency. “The scammers often provide information that seems very convincing, including the real names of federal judges or court employees, the location of the courthouse, and case and badge numbers. The victim has every reason to believe the call is legitimate,” notes a recent warning from the U.S. Attorney’s Office. “The caller then tells the victim they can avoid arrest by paying an immediate fine and walks them through purchasing a prepaid debit or gift card or making an electronic payment to satisfy the ‘fine.’”

What makes this scam especially dangerous: In addition to a quick payoff, sensitive personal information including your birthdate and Social Security number may be solicited for possible identity theft. What to know:

  • As with jury duty summonses, official “no show” notifications are delivered by mail. Phone calls won’t occur unless a jury duty summons was mailed but returned to sender because it couldn’t be delivered.
  • Police never give advance warning of impending arrest. Courthouse employees don’t call after-hours, while you’re eating dinner or preparing for bed. Only scammers do both.
  • A bona fide court will never ask for a credit or debit card number, wire transfers, or bank routing numbers over the phone for any purpose – including missing jury duty. Fines aren’t imposed until after you’ve appeared in court, given the opportunity to explain a failure to appear. 

Utility Shutoff Scam
In this swindle, fraudsters pose as local utility company personnel, claiming that electric, gas or water service to your home or business will be terminated within hours because of unpaid bills…unless the alleged tab is immediately paid (again, typically requested by prepaid debit card, gift card or wire transfer). The typical homeowner who takes the bait loses about $500 – nearly twice the amount of other phone scams – while some business owners have lost $10,000 or more.

These scams have gotten so common – breaking rip-off records last year and on track for another banner year this winter (this ploy peaks during the busy heating season) – that more than 100 utilities have formed Utilities United Against Scams to warn customers. As “live” phone calls remain the most common way to con, newer methods also include bogus emails, automated robocalls and even “on-site” scammers in rented uniforms seeking a quick payoff and/or home entry for possible burglary. What to know:

  • Before shutting off service, all utilities mail at least one written notice, providing you with several options to pay (online, return mail, phone, automatic bank draft or in person). None initiate the shutoff process with an unexpected phone call.
  • Like most legitimate businesses, utilities don’t accept gift cards and never require payment by prepaid debit card or wire transfer. Scammers prefer these methods because they are like sending cash.
  • Service on meters or inside the home is usually prearranged; if there’s a charge for work on customer-owned equipment, you’ll be billed by the utility – not asked for on-the-spot payment. 

Charity Scams
No surprise on the timing here: The lion’s share of all charitable donations in the U.S. – nearly $390 billion last year – is made in December. And that’s when scammers do a full attack to dupe would-be donators with a hard-sell and heartfelt scripts, typically made in unsolicited phone calls, but also front-door visits and email campaigns.

Some feign to be collecting on behalf of recognized groups, but more often use sound-alike names of legitimate charities or invent their own authentic-sounding organizations. What to know:

  • Listen or watch for imitative words, such as “National” being substituted for “American” in a well-known name. Mailed solicitations are less likely to be fraudulent than those by phone, email or front-door visit, so unless you dialed the call or previously provided your email address to that organization, don’t provide a credit card number over the phone or online. Also know that legitimate charities won’t specifically request prepaid debit cards or other scammer-preferred payment methods.
  • The most successful scams (read: hot-button hoaxes) targeting older Americans are phony charities claiming to benefit police and firefighters, military veterans, sick or needy children, or victims of natural disasters.
  • Before donating to any solicitation, check the charity’s name and reputation at Give.org, Charity Navigator, Charity Watch or GuideStar. You can also contact the agency in your state that regulates charities.


For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest

See the AARP home page for deals, savings tips, trivia

Source link

Trouble from the Toy Box: Will that “Smart” Holiday Gift for the Grandkids be a Spy for Hackers?

Photo Credit: iStock/nd3000

If so-called “smart toys” are on the holiday wish list of the children in your life, know this: The FBI warns that such interactive, Internet-connected gifts could be compromised by cyber hackers – and advises that security precautions be taken before playtime begins.

Although the agency doesn’t identity specific risky products, “these toys typically contain sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options,” notes the FBI. “These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed.” They include dolls, stuffed animals, card packs, wrist bands and other playthings typically connected to the Internet, either directly through Wi-Fi or indirectly via Bluetooth to a smartphone (which, in turn, is connected to the Internet).

Among the concerns: Many smart toys, often intended to promote learning, have microphones that “could record and collect conversations within earshot of the device,” says the agency – including ID theft-worthy details such as the child’s name, address and birthdate. (Meanwhile, such details may be provided or required when creating user accounts.)

“In addition, companies collect large amounts of additional data, such as voice messages, conversation recordings, past and real-time physical locations, Internet use history, and Internet addresses/IPs,” says the agency. “The exposure of such information could create opportunities for child identity fraud. Additionally, the potential misuse of sensitive data such as GPS location information, visual identifiers from pictures or videos, and known interests to garner trust from a child could present exploitation risks.”

Some smart toys have already come under fire. Earlier this year, an Internet-connected doll called “My Friend Carla,” with an internal microphone, was banned in Germany. Meanwhile, an Australian security researcher reports that more than 2 million voice recordings were exposed via “Cloud Pets,” stuffed animals that allow parents and children to exchange voice messages. And last December, smart toy manufacturer V-Tech acknowledged that close to 5 million customer accounts were hacked via smart toys “Learning Lodge” and “Kid Connect,” allowing hackers to access children’s names, addresses, birthdates, chat histories and photos.

In addition to microphones, recording devices, cameras and GPS capability, other risks in Internet-connected smart toys include features such as speech recognition technology, speakers, and/or wireless transmitters and receivers. Also be mindful (and cautious) with products that request names, addresses, and other personal information when you register; have cloud connection capability (and remain connected to the cloud when the toy is turned off); and/or don’t include an End User License Agreement or identify its cloud storage provider.

As with other risk-posing “smart” devices in your home, here’s how to be smart with these high-tech toys:

  • Before buying, research the product for any reported security issues. Also look for certification or verification by members of the COPPA Safe Harbor Program (for Children’s Online Privacy Protection Act), an FTC-affiliated group.
  • Read the company’s privacy policy and user agreement. Find out where user data is stored (with the company, third party services or both), and research their reputations, especially in regards to cyber security.
  • Determine how (or if) you would be notified about a possible data breach or if vulnerabilities in the toy are discovered.
  • Only connect and use the toy on a trusted and secure internet access – not on public Wi-Fi.
  • Use a strong and unique PIN or password when connecting to a Bluetooth device. If the product comes with default password, change it.
  • Use encryption when transmitting data from the toy.
  • If the toy can receive software updates and security patches, ensure it is using the most updated version.
  • Make sure the toy is turned off when not in use, especially if the toys use microphones and cameras.
  • Be stingy with personal information when setting up user accounts. A teddy bear really doesn’t need to know your child’s last name, address or birthdate. Also teach young’uns to not “overshare” personal details when playing with or near the toy.
  • Turn the toy off when your children are not using it, especially if it has a camera and/or microphone.

For information about other scams, sign up for the
Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

How to Spot Phishing Emails from “Trusted” Businesses

How to Spot Phishing Emails from “Trusted” Businesses

Photo credit: iStock/weerapatkiatdumrong

Year-round, all kinds of phishing attempts lurk in your inbox – from promises of massive wealth from self-described Nigerian princes (or their representatives) to threats of arrest or loss of benefits from supposed employees of government agencies that, in reality, never correspond via email.

But with the upcoming holiday shopping season – predicted to generate up to $682 billion in sales, including a record $107 billion in online purchases (14 percent higher than last year) – prepare for some of the most convincing cons angling for personal and financial information that could lead to identity theft.

That’s because they supposedly come from companies you know, trust, and likely rely on – especially this season: Online retailers, credit card companies, PayPal, banks, even airlines and delivery services like FedEx and UPS. Some bogus emails allege an “order confirmation.” Others claim a problem – say, your account was frozen, requires an update or verification, or there’s a shipping or delivery snafu. Others tout coupons, unbelievable discounts or freebies ranging from expensive iPhones to gift cards (often promised for completing a customer survey that could provide identity thieves and sleazy marketers with sensitive information best not shared).

All seek the same goal: To get you to reveal sensitive information – personal details, log-in credentials, account and credit card numbers – and/or click on an imbedded link or attachment that harbors computer-infecting malware. Here’s how to distinguish the bona fide from the bogus (even after the holiday shopping season):

  • A legit company knows its customers. True, so-called “spearphishing” emails and “artisanal” spam include your name, but those more personalized phishing attempts typically target workplace or social media accounts. Phishing emails related to holiday shopping and other seasonal activities are more likely to have generic greetings such as “Dear Customer” because they are blasted en masse. Legitimate messages from companies always include the customer’s name, account number (or at least a portion of it) and other specific-to-you information – and they won’t ask you to provide it.
  • Real messages focus on guidance, not getting. When legit companies email about issues or problems that need to be addressed, they instruct you to log-in into your online account or call their customer service phone number, and rarely (and shouldn’t) include a link promising “more details.” Only phishing scammers ask that sensitive information by provided via reply email, and tease to get must-know news in links rather than prominently display it in no-click-needed text.
  • Genuine messages don’t threaten. Scammers know that fear is a powerful motivator; above-board companies know it’s bad business. Threats, intimidation and warnings of dire consequences are the foundation of success for many fraudsters – such as claims your account will immediately be frozen or closed unless you immediately respond with money or sensitive information that real companies already have.
  • Actual companies don’t give away the store. Sure, they want your business, but legit vendors aren’t in business to lose money. Be suspicious of non-personalized messages promising freebies of high-priced items or travel excursions “just because” or sales of hot-selling merchandise for a fraction of the cost offered by competitors. If there truly is a giveaway or blowout sale, retailers will have full details on the website.
  • Authentic businesses are professional. They send emails from their own domain – companyname.com – not a free service like Gmail or Yahoo. (When in doubt of the sender, hover your mouse over the “from” address.) And they ensure their messages are grammatically correct, free of misspellings and “readable” to their customers. Because emailing phishers often operate overseas, their messages tend to be linguistically challenged, littered with Scammer Grammar, typos and note currency descriptions not commonly used in the U.S. companies – such as listing prices at $19.95 USD (for U.S. dollars).

For information about other scams, sign up for the 
Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

 Also of Interest

See the AARP home page for deals, savings tips, trivia

Source link

Why You Can’t Trust Phone Calls You Think You Should Trust

Photo Credit: iStock/lolostock

“Call from 877-382-4357? Hang Up,” warns the Federal Trade Commission. Seems that phone number – better known as 877-FTC-HELP, the agency’s go-to hotline to report scams – is another example in a never-ending plague of spoofing, the practice of deliberately displaying a false number (and sometimes name) on the recipient’s caller ID.

The goal of scammers using this tried-and-true telephone trickery is to present a phone number that can be trusted, so recipients answer the phone. “Once you start talking,” explains Jonathan Sasse of PrivacyStar, whose app identities and blocks scam calls, “their autodialing software detects a live number and person on the other end and the scam begins.”

How spoofing works: Using cheap and readily available services such as Spoofcard and/or popular computer-based Voice over Internet Protocol (VoIP) telephone systems, phoning fraudsters select whatever number they want displayed, for whatever ruse they choose. They most often pretend to be calling from a government agency, utility company, bank or tech company such as Microsoft. They also claim to be police, sweepstakes officials, even AARP. Fast-growing schemes include spoofing local numbers (typically using the recipient’s same area code and prefix) so calls appear to be from neighbors, your pharmacy or doctor’s office – or even your own phone number.

Some spoofed calls are made individually, but the majority are sent en masse – sometimes by the millions – with the help of autodialers. Some are “live,” but most are robocalls – and with as little as your “Hello,” you’re typically transferred to a boiler room where a smooth-talking fraudster take over.

Although spoofing scams have been around for nearly a decade – originally done mostly to glean consumers’ bank account details – it’s now the foundation of most leading phone scams. (Spoofing itself is not illegal, but under federal law, it is illegal to transmit misleading or inaccurate caller ID information “with the intent to defraud, cause harm, or wrongly obtain anything of value.”)

Whatever the ruse, it’s the same rip-off: First, display a phone number that appears trustworthy so the call is answered. Then, those most untrustworthy scoundrels behind this deceptive dialing angle for your money and/or phish for personal information that could be used for identity theft – usually by instilling fear, sometimes luring with greed.

To make calls seems authentic – and better incentivize you to answer – spoofed numbers often display the name of the supposed caller, say “Internal Revenue Service” or “Bank of America.” But others have more generic displays such as “Bank” or “County Courthouse,” maybe a city such as “Washington, D.C.”; others simply show a phone number.

Consider the most common phone schemes, each using spoofing with a fraud-focused cornerstone: False threats of immediate arrest from self-described IRS agents and police because of overdue taxes or missing jury duty. Bogus bank calls alleging “a problem with your account” and Medicare scams claiming a need to “verify your identity” or you’ll lose benefits. The myth that your computer has a crippling virus when those liars from a far-away country have no idea if you even own one. The list goes on – and so will spoofing.

Depending on your phone type and operating system, call-blocking apps such as Hiya, Truecaller, NoMoRobo or PrivacyStar can block many spoofing calls. But when others get through, here’s what to do in addition to not answering or hanging up:


  • If you answer, don’t speak. A “live” person on the other end will start a conversation, but several seconds of dead silence indicates it’s a robocall using voice-activated technology to transfer you, or at least play a message.
  • If you speak, say nothing of value. That includes providing or even confirming your name, account numbers, anything that helps phoning fraudsters identify you. If the caller claims to be with a company you do business with, hang up and call the customer service number listed on your statements, in the phone book, or on the company’s website. If the caller claims to be with a government agency, hang up – knowing that the IRS, Medicare, SSA and other government agencies do not make unsolicited phone calls.
  • If you have a voice mail account with your phone service, set a password for it.  Some voicemail services are preset to allow access if you call in from your own phone number, and without a password, scammers could spoof your home phone number and gain access to your voice mail.
  • If it’s not personal, assume it’s a scam. Unlike automated but personalized reminder calls from doctor’s offices or pharmacy, scam robocall campaigns do not mention your name or other personal identifiers. That’s because thousands or millions of others get the identical message.

For information about other scams, sign up for the
Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.

Source link

How to Avoid Hotel “Resort Fee” Ripoffs

How to Avoid Hotel “Resort Fee” Ripoffs

Although not new, hotel “resort fees” and surcharges are higher than ever – predicted to generate a record $2.7 billion this year – and now include previous freebies: parking, holding luggage, early cancellation or check-out, mini-bar “restocking” on top of those already overpriced snacks and beverages, and even the privilege of having (but not necessarily opening) a hotel room safe. Other charges include so-called “resort fees” for services and amenities offered by hotels, even when not used by individual guests: gyms, swimming pools, WiFi, fax services, automatic gratuities for staff, and “complimentary” newspapers and        coffee.                                                                                                                                      Photo Credit: iStock/Dragonimages

All told, this nickel and diming can add 30 percent to the advertised room rate. At least 47 state Attorney Generals are investigating if hotel fees are transparent and honest, and a recent Federal Trade Commission report decreed “separating mandatory resort fees from posted room rates without first disclosing the total price is likely to harm consumers.” But for now, hotel resort fees and surcharges are allowed so it’s on you to find and try to avoid them. Here’s how:

Look before you book. Don’t expect surcharges will be prominently displayed on hotel or third-party booking websites; they may be hidden in the fine print (but often are not). ResortFeeChecker.com helps take out the guesswork by listed known fees at hotels you may be considering.

Don’t wait for a waiver. Whether you make reservations online or by phone, a call to the hotel before arrival is the best time (and way) to confirm likely add-ons, and get them removed – especially if you have no plans of using “resort fee” services like hotel gyms. In that call, get the hotel or booking agent’s name and ID number, and have it, with details of your conversation, at check-in. Also mention what fee-mandated services you won’t be using (such as the gym, pool or room safe) and get the front desk clerk’s name at check-in should problem$ occur when you get your bill.

Learn the lingo.  Although most commonly called a “resort fee,” these add-ons may have other monikers: a “facility fee,” a “designation fee,” an “amenity fee,” a “convenience fee,” or in larger cities, an “urban fee.”

Be a “program” patron. Hotel loyalty programs may waive certain resort fees and surcharges for members, possibly even for new enrollees. Hotel stays booked with credit card awards point is another way to waive some fees.

Politely (and logically) raise a stink. Hotel resort fees may be called “mandatory,” but it’s a manager’s call on whether they are worth losing a repeat customer or getting bad online reviews. If charged for services you didn’t use or weren’t provided as promised – say, the pool was closed or WiFi was slow – don’t quibble with some low-level clerk with no bargaining power. Ask to speak with the manager, with whom you should calmly state your case. If all else fails, dispute the charges with your credit card company, documented with reasons you shouldn’t pay…especially if fees weren’t disclosed until check-out.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.


 Also of Interest

See the AARP home page for deals, savings tips, trivia and more.



Source link

Pin It on Pinterest